CVE-2021-34593

CWE-755 — Improper Exception Handling3 documents3 sources

Severity

7.5HIGH

EPSS

1.6%

top 18.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codesys Codesys V2 Codesys Plcwinnt Codesys Runtime Toolkit +13 more

Timeline

PublishedOct 26

Latest updateMay 24

Description

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages16 packages

▶NVDcodesys/runtime_toolkit< 2.4.7.56

▶NVDcodesys/plcwinnt< 2.4.7.56

▶CVEListV5codesys/codesys_v2Runtime Toolkit 32 bit full — V2.4.7.56+1

▶NVDwago/750-8202_firmware< fw20

▶NVDwago/750-8203_firmware< fw20

🔴Vulnerability Details

GHSA

GHSA-mp42-p5v3-r5p6: In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2↗2022-05-24

▶

CVEList

CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service↗2021-10-26

▶